Mimi Zohar 0214b96a6a ima: limit the number of ToMToU integrity violations
[ Upstream commit a414016218 ]

Each time a file in policy that is already opened for read is opened
for write, a Time-of-Measure-Time-of-Use (ToMToU) integrity violation
audit message is emitted and a violation record is added to the IMA
measurement list.  This occurs even if a ToMToU violation has already
been recorded.

Limit the number of ToMToU integrity violations per file open for read.

Note: The IMA_MAY_EMIT_TOMTOU atomic flag must be set from the reader
side based on policy.  This may result in a per file open for read
ToMToU violation.

Since IMA_MUST_MEASURE is only used for violations, rename the atomic
IMA_MUST_MEASURE flag to IMA_MAY_EMIT_TOMTOU.

Cc: stable@vger.kernel.org # applies cleanly up to linux-6.6
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Tested-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
[ adapted IMA flag definitions location from ima.h to integrity.h ]
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-19 16:32:01 +02:00
arch x86/vmscape: Add old Intel CPUs to affected list 2025-09-11 17:20:28 +02:00
block block: reject invalid operation in submit_bio_noacct 2025-08-28 16:28:40 +02:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2025-04-25 10:45:58 +02:00
crypto crypto: jitter - fix intermediary handling 2025-08-28 16:28:26 +02:00
Documentation x86/vmscape: Enable the mitigation 2025-09-11 17:20:27 +02:00
drivers media: i2c: imx214: Fix link frequency validation 2025-09-19 16:32:01 +02:00
fs NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() 2025-09-19 16:32:01 +02:00
include net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. 2025-09-19 16:32:01 +02:00
init sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP 2025-05-02 07:50:57 +02:00
io_uring io_uring/net: commit partial buffers on retry 2025-08-28 16:28:11 +02:00
ipc ipc: fix to protect IPCS lookups using RCU 2025-06-27 11:08:49 +01:00
kernel sched: Fix sched_numa_find_nth_cpu() if mask offline 2025-09-09 18:56:26 +02:00
lib netlink: add variable-length / auto integers 2025-09-09 18:56:22 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm: introduce and use {pgd,p4d}_populate_kernel() 2025-09-19 16:32:01 +02:00
net net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. 2025-09-19 16:32:01 +02:00
rust rust: module: place cleanup_module() in .exit.text section 2025-07-06 11:00:06 +02:00
samples samples: mei: Fix building on musl libc 2025-08-15 12:08:43 +02:00
scripts kasan: fix GCC mem-intrinsic prefix with sw tags 2025-09-19 16:32:01 +02:00
security ima: limit the number of ToMToU integrity violations 2025-09-19 16:32:01 +02:00
sound ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY 2025-09-09 18:56:32 +02:00
tools tools: gpio: remove the include directory on make clean 2025-09-09 18:56:34 +02:00
usr kbuild: hdrcheck: fix cross build with clang 2025-03-13 12:58:38 +01:00
virt KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock 2024-10-04 16:29:47 +02:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore Remove *.orig pattern from .gitignore 2024-10-04 16:29:44 +02:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS sign-file,extract-cert: move common SSL helper functions to a header 2025-04-25 10:45:57 +02:00
Makefile Linux 6.6.106 2025-09-11 17:20:28 +02:00
README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems that may result from upgrading your kernel.